Name: TFTP Fetch, Linux Command Shell, Reverse TCP Inline Module: payload/cmd/linux/tftp/armle/shell_bind_tcp Platform: Linux Arch: cmd Needs Admin: No Total size: 114 Rank: Normal Provided by: Brendan Watters Spencer McIntyre civ hal Basic options: Name Current Setting Required Description ---- --------------- -------- ----------- ARGV0 sh no argv[0] to pass to execve FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET) FETCH_DELETE false yes Attempt to delete the binary after execution FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+) FETCH_SRVHOST yes Local IP to use for serving payload FETCH_SRVONCE true yes Stop serving the payload after it is retrieved FETCH_SRVPORT 8080 yes Local port to use for serving payload FETCH_URIPATH no Local URI to use for serving payload LPORT 4444 yes The listen port RHOST no The target address SHELL /bin/sh yes The shell to execute. When FETCH_COMMAND is one of CURL,WGET: Name Current Setting Required Description ---- --------------- -------- ----------- FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell. When FETCH_FILELESS is none: Name Current Setting Required Description ---- --------------- -------- ----------- FETCH_FILENAME POpqisoXHgYa no Name to use on remote system when storing payload; cannot contain spaces or slashes FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces Description: Fetch and execute an ARMLE payload from a TFTP server. Connect to target and spawn a command shell Name Current Setting Required Description ---- --------------- -------- ----------- AutoRunScript no A script to run automatically on session creation. AutoVerifySession true yes Automatically verify and drop invalid sessions CommandShellCleanupCommand no A command to run before the session is closed EXE::Custom no Use custom exe instead of automatically generating a payload exe EXE::EICAR false no Generate an EICAR file instead of regular payload exe EXE::FallBack false no Use the default template in case the specified one is missing EXE::Inject false no Set to preserve the original EXE function EXE::OldMethod false no Set to use the substitution EXE generation method. EXE::Path no The directory in which to look for the executable template EXE::Template no The executable template file name. FetchHandlerDisable false yes Disable fetch handler FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript) MSI::Custom no Use custom msi instead of automatically generating a payload msi MSI::EICAR false no Generate an EICAR file instead of regular payload msi MSI::Path no The directory in which to look for the msi template MSI::Template no The msi template file name MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted) PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call PrependSetuid false no Prepend a stub that executes the setuid(0) system call VERBOSE false no Enable detailed status messages WORKSPACE no Specify the workspace for this module